Description
Scenario:
Bob and Alice are a happy couple. William is jealous of this. He decides to send a mail to Alice, using Bob's identity, to tell her that Bob has decided to break up.
To do this, Bob proceeds with a JMAP POST on the setMessages endpoint, on the outbox. He then uses Bob's address in the from field.
Alice will receive a mail from Bob saying they broke up. She will believe it, cry all night and meet William.
Code snippets: failing test:
```
@Test
public void test() throws Exception {
jmapServer.serverProbe().createMailbox(MailboxConstants.USER_NAMESPACE, username, "sent");
jmapServer.serverProbe().addUser("bob@domain.tld", "1234");
jmapServer.serverProbe().addUser("alice@domain.tld", "1234");
String requestBody = "[" +
" [" +
" \"setMessages\","+
" {" +
" \"create\": { \"user|inbox|1\" : {" +
" \"from\":
," +
" \"to\": [
]," +
" \"cc\": [
]," +
" \"subject\": \"Alice, I break up with you !\"," +
" \"textBody\": \"In this mail username@domain.tld pretends to be user1@domain.tld, and takes advantage of it\"," +
" \"mailboxIds\": [\"" + getOutboxId() + "\"]" +
" }}" +
" }," +
" \"#0\"" +
" ]" +
"]";
// Given
given()
.accept(ContentType.JSON)
.contentType(ContentType.JSON)
.header("Authorization", accessToken.serialize())
.body(requestBody)
// When
.when()
.post("/jmap")
.prettyPeek();
// Then
AccessToken user2AccessToken = accessToken = JmapAuthentication.authenticateJamesUser("alice@domain.tld", "1234");
Thread.sleep(10000);
with()
.accept(ContentType.JSON)
.contentType(ContentType.JSON)
.header("Authorization", user2AccessToken.serialize())
.body("[[\"getMessageList\",
, \"#0\"]]")
.when()
.post("/jmap")
.prettyPeek();
}
```
JMAP responses:
William:
```
[
[
"messagesSet",
{
"accountId": null,
"oldState": null,
"newState": null,
"created": {
"user|inbox|1": {
"id": "username@domain.tld|outbox|1",
"blobId": "1",
"threadId": "username@domain.tld|outbox|1",
"mailboxIds": [
"cf265170-1299-11e6-9382-c5a352d114a2"
],
"inReplyToMessageId": null,
"isUnread": false,
"isFlagged": false,
"isAnswered": false,
"isDraft": false,
"hasAttachment": false,
"headers":
,
"from":
,
"to": [
],
"cc": [
],
"bcc": [
],
"replyTo": [
],
"subject": "Alice, I break up with you !",
"date": "2016-05-05T08:17:29.974Z",
"size": 297,
"preview": "In this mail username@domain.tld pretends to be user1@domain.tld, and takes advantage of it",
"textBody": "In this mail username@domain.tld pretends to be user1@domain.tld, and takes advantage of it",
"htmlBody": null,
"attachments": [
],
"attachedMessages": {
}
}
},
"updated": [
],
"destroyed": [
],
"notCreated": {
},
"notUpdated": {
},
"notDestroyed": {
}
},
"#0"
]
]
```
Alice:
```
[
[
"messageList",
,
"#0"
],
[
"messages",
{
"notFound": [
],
"list": [
{
"id": "alice@domain.tld|INBOX|1",
"from":
,
"subject": "Alice, I break up with you !",
"textBody": "In this mail username@domain.tld pretends to be user1@domain.tld, and takes advantage of it"
}
]
},
"#0"
]
]
```
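One way a server could refuse the creation shown in the scenario, written as an added example (it is not code from this issue or from the James code base): each entry of the setMessages `create` map is checked against the authenticated session user, and mismatches are reported under `notCreated` instead of being sent. The names `FromFieldCheck`, `Creation`, `validateSender` and `notCreated` are hypothetical, the sample addresses are constructed, and the case-insensitive comparison is an assumption about how the deployment treats addresses.

```java
import java.util.LinkedHashMap;
import java.util.Locale;
import java.util.Map;
import java.util.Optional;

public class FromFieldCheck {
    // Hypothetical stand-in for one entry of the "create" map in a setMessages request.
    record Creation(String fromEmail, String subject) {}

    /** Returns an error description when the claimed sender is not the session user. */
    static Optional<String> validateSender(String authenticatedUser, Creation creation) {
        if (creation.fromEmail() == null || creation.fromEmail().isBlank()) {
            return Optional.of("'from' is missing");
        }
        // Assumption: addresses are compared case-insensitively after trimming.
        String claimed = creation.fromEmail().trim().toLowerCase(Locale.ROOT);
        String actual = authenticatedUser.trim().toLowerCase(Locale.ROOT);
        if (!claimed.equals(actual)) {
            return Optional.of("'from' (" + claimed + ") does not match the authenticated user");
        }
        return Optional.empty();
    }

    /** Builds the notCreated map: creation id -> reason, for every rejected entry. */
    static Map<String, String> notCreated(String authenticatedUser, Map<String, Creation> create) {
        Map<String, String> rejected = new LinkedHashMap<>();
        create.forEach((id, creation) ->
            validateSender(authenticatedUser, creation).ifPresent(err -> rejected.put(id, err)));
        return rejected;
    }

    public static void main(String[] args) {
        // Constructed sample: the session belongs to username@domain.tld.
        Map<String, Creation> create = new LinkedHashMap<>();
        // Claims another user's address: must be rejected.
        create.put("user|inbox|1", new Creation("bob@domain.tld", "Alice, I break up with you !"));
        // Claims the session user's own address (different case): accepted.
        create.put("user|inbox|2", new Creation("Username@domain.tld", "A legitimate mail"));
        // Omits the sender entirely: rejected rather than defaulted silently.
        create.put("user|inbox|3", new Creation(null, "No sender"));

        notCreated("username@domain.tld", create)
            .forEach((id, reason) -> System.out.println(id + " -> " + reason));
    }
}
```

The check belongs on the server side of setMessages, before the message is handed to the outbox, since the client controls every field of the request body.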